[CentOS] fail2ban with standard Apache log format?

Wed Jun 19 15:34:17 UTC 2013
Tony Mountifield <tony at softins.co.uk>

In article <kps4fv$33j$1 at softins.clara.co.uk>,
Tony Mountifield <tony at softins.co.uk> wrote:
> I want to use fail2ban on CentOS 6 to monitor Apache with the standard
> default logfile format ("combined"). Has anyone here succeeded in doing so?
> 
> The format has the IP at the start of the line, followed by two dashes
> (if no authentication) and THEN the timestamp. What I've read on the
> fail2ban wiki seems to say that the timestamp must ALWAYS be at the start
> of the line, followed by other stuff. I'm amazed if it isn't configurable...
> 
> I'm using fail2ban 0.8.8 from EPEL.

OK, it turns out that despite what it says in the wiki, recent versions
of fail2ban do allow a non-anchored timestamp match and will preserve the
part of the line before the timestamp. My problem was actually in the
failregex.

All working now.

Cheers
Tony

-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org